Travel Rule in AML
Travel Rule: At a Glance
- The Travel Rule requires cryptoasset businesses to collect, verify, retain and, where applicable, transmit specified information relating to the originator and beneficiary of relevant cryptoasset transfers.
- The Travel Rule is based on FATF Recommendation 16, extended to virtual assets in 2019 to combat money laundering and terrorist financing (ML/TF) through cryptoasset transfers.
- Under UK AML Regulations, the Travel Rule applies to cryptoasset exchange providers and custodian wallet providers registered with the FCA.
- Common challenges include incomplete and inconsistent data transmission between cryptoasset businesses and managing unhosted wallets.
- The Financial Conduct Authority (FCA) expects businesses to take all reasonable steps to comply with the Travel Rule, supporting financial transparency and the detection of money laundering and terrorist financing.
What is the Travel Rule Under AML UK Regulations?
The Travel Rule under UK AML regulations requires cryptoasset businesses to collect, verify, and share key identifying information about both the originator and beneficiary of a cryptoasset transfer.
The Travel Rule is based on FATF Recommendation 16, which sets international standards for payment transparency. It requires financial institutions to include accurate originator and beneficiary information with each transfer.
Following FATF Recommendation 16, Part 7A of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), as inserted by the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022, requires UK cryptoasset businesses to collect, verify, retain and, where applicable, securely transmit specified information relating to the originator and beneficiary of relevant cryptoasset transfers. These requirements came into force on 1 September 2023.
Similar to requirements for traditional wire transfers, the Travel Rule applies to cryptoasset transfers undertaken by cryptoasset businesses registered with the FCA under the MLRs, including cryptoasset exchange providers and custodian wallet providers.
The objective of the Travel Rule is to bring greater transparency to cryptoasset transfers, making it harder for criminals to use cryptoassets for money laundering or terrorist financing. The FCA supervises and enforces compliance with the Travel Rule under UK AML regulations.
Practical Travel Rule Scenarios for UK Cryptoasset Businesses
In practice, specific ML/TF risks arise depending on how cryptoasset transfers are structured and which parties are involved. The following scenarios illustrate key compliance challenges.
Suppose a UK-registered cryptoasset business sends a cryptoasset transfer to another cryptoasset business. If the originator transmits incomplete or inaccurate originator information, the beneficiary cryptoasset business must match received data against its own Customer Due Diligence records. Where information is missing or inconsistent, the beneficiary cryptoasset business must request the missing details and, if not resolved, consider rejecting the transfer or filing a Suspicious Activity Report. Repeated failures by the originator to provide required information must be reported to the FCA.
Where a cryptoasset transfer involves an unhosted wallet, there is no counterparty institution to receive or transmit Travel Rule data. The originating cryptoasset business is not required to send information to the unhosted wallet but must obtain the information required under Part 7A, applying the specific rules for unhosted wallet transfers and a risk-based approach. The FCA expects firms to assess ownership or control of the wallet rather than applying a blanket block.
If a beneficiary cryptoasset business is in an overseas jurisdiction where the Travel Rule is not yet implemented, the overseas cryptoasset business may lack the infrastructure or obligation to receive Travel Rule data. The UK originator cryptoasset business must still collect and verify the required originator and beneficiary information and retain it, even if the counterparty cannot receive it. The FCA expects the originator to take all reasonable steps to establish whether the overseas firm can accept the data and to conduct a risk-based assessment before proceeding with the transfer.
Travel Rule Obligations Under UK AML Laws and Regulatory Expectations
The legal basis of the Travel Rule in the UK is established through Part 7A of the MLR 2017, as inserted by the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022, implementing FATF Recommendation 16 and requiring cryptoasset businesses to collect, verify, retain and, where applicable, transmit specified information relating to the originator and beneficiary.
The regulations specify the information that must accompany relevant cryptoasset transfers and set out when the originating cryptoasset business must send that information to the beneficiary cryptoasset business securely.
The FCA supervises cryptoasset businesses and expects them to take all reasonable steps, on a risk-sensitive basis, to comply with the Travel Rule.
The UK regulatory framework continues to evolve, with the FCA expecting businesses to regularly review the implementation status of the Travel Rule in other jurisdictions and adapt their processes accordingly.
Best Practice Controls for Travel Rule AML Compliance
The best practices to implement for travel rule AML compliance are as follows:
- Cryptoasset businesses should use appropriate Travel Rule tools or secure data-sharing arrangements to send and receive required information.
- Cryptoasset businesses should ensure that customer details are correctly identified and verified during onboarding.
- Cryptoasset businesses should adopt a risk-based approach when dealing with unhosted wallet transfers, applying the Part 7A requirements and requesting additional customer information where appropriate.
- Cryptoasset businesses should align Travel Rule data with CDD, sanctions screening, transaction monitoring and suspicious activity reporting controls.
- Relevant employees should be trained on Travel Rule requirements, AML obligations, escalation procedures and suspicious activity indicators.
Key Compliance Challenges with the Travel Rule
Implementing the Travel Rule involves significant operational and technological challenges. The key hurdles are:
Cryptoasset businesses may receive incomplete or inconsistent data when compared with their own Customer Due Diligence (CDD) records. This can make it difficult for the beneficiary cryptoasset business to process the transfer promptly and may lead to delays, rejection, return of the transfer, or further investigation.
An unhosted wallet poses a challenge to Travel Rule compliance, as information verification is more difficult, leading to higher ML/TF risk.
Interoperability and data privacy are challenges when dealing with cryptoasset businesses of different countries and diverse platforms, as protocols lack a global standard.
UK regulations continue to evolve, and the FCA expects businesses to demonstrate ongoing compliance efforts, which requires continual investment in systems and processes.
How AML Consultants UK Can Help with Travel Rule AML Compliance
AML Consultants UK supports cryptoasset businesses with risk-based compliance services aligned with Travel Rule obligations.
Services include FCA-aligned customer due diligence, enhanced due diligence, firm-wide risk assessment (FWRA), Travel Rule policies and procedures, employee training, and support in establishing an effective financial crime compliance framework.
Through compliance support and assistance, AML Consultants UK helps businesses build proportionate AML frameworks aligned with UK supervisory expectations.
FAQs about Travel Rule AML Compliance
What is the travel rule in UK crypto regulation?
The Travel Rule requires cryptoasset businesses to collect, verify, retain and, where applicable, transmit specified information relating to the originator and beneficiary of relevant cryptoasset transfers.
Does the travel rule apply to crypto transactions?
Yes, the Travel Rule applies to cryptoasset transfers as mandated under Part 7A of the MLR 2017, as inserted by the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022.
What information must be shared under the travel rule?
The required information generally includes the originator’s and beneficiary’s names and cryptoasset account details or wallet addresses, with additional originator information required for certain transfers, including cross-border transfers at or above the applicable threshold.
How are unhosted wallets treated under the travel rule?
For unhosted wallet transfers, firms should apply the specific Part 7A requirements and assess the ML/TF/PF risk on a risk-sensitive basis. Depending on the circumstances and value of the transfer, the firm may need to request additional information from its customer, including information relating to the originator or beneficiary.
Who enforces the travel rule in the UK?
The Financial Conduct Authority is the authority responsible for enforcing and supervising compliance with the Travel Rule across registered cryptoasset businesses.
What happens if the firm fails to comply with the travel rule?
The beneficiary cryptoasset business must request the missing information from the originating cryptoasset business. If the information is not provided within a reasonable time, the transfer may be rejected or returned to the originator. Repeated failures by a cryptoasset business to provide required information must be reported to the FCA.
Stay AML/CTF/CPF Compliant, Stay Protected
Let AML Consultants UK be your partner in the fight against financial crimes